2 matches found
Malicious code in not-a-real-project (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 93a590cea516241fd5f5c305b133d564e87c9308fd1378a44f6a689e0ce972f7 The OpenSSF Package Analysis project identified 'not-a-real-project' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious Package
Overview not-a-real-project is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...